Pick a lesson below to get started.
Learn how to keep your customers' personally identifiable information safe through encryption, two-factor authentication, request blocking, and deploying a web application firewall.
1. Ruby on Rails Authentication with Devise
Use a trusted library like Devise for authentication, which uses the secure bcrypt algorithm to hash passwords.
2. Two Factor Authentication with Devise
Encourage (or require) users to enable two-factor authentication and supply a one-time password (OTP) code along with their password when they log in. OTPs can be generated with apps such as 1Password, Google Authenticator, or Authy.
3. Rate Limit Login Attempts by IP with Rack::Attack
Rack::Attack is middleware for throttling and blocking requests. By limiting login attempts per IP address, we can slow credential stuffing attacks, in which email/password pairs gathered from the breach of another site are tested against your site.
4. Secure Your Login Page with an Invisible CAPTCHA
Add Google's invisible reCAPTCHA to your login page to block automated login attempts, which significantly slows down credential stuffing and password spraying attacks.